[Bro] Bro behavioral analysis
mpselab at gmail.com
Wed Jul 29 06:24:58 PDT 2015
Here is another example from Bro's shellshock detector (emphasis is mine):
"...It's more comprehensive than most of the detections around in that it's
watching for *behavior* from the attacked host that might indicate
successful compromise or actual vulnerability."
Read more here: https://github.com/broala/bro-shellshock
On Wed, Jul 29, 2015 at 3:08 PM, Savakh S <sovakah at gmail.com> wrote:
> Can someone explain why Bro is said "behavioral" IDS and give an
> example ? I understand Bro can perform protocol analysis, DPI, by its
> analyzers, but what about "behavioral" ?
> Thanks in advance.
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro